Yes. And what's even worse is this: How many sites in common use actually need the Java browser plugin? And yet, if you are not careful, it will be enabled in your browser, thus increasing your vulnerability for no good reason.
If regular users were commonly aware of what browser plugins they actually need, and knew how to go through the list and disable the ones they actually didn't need, that would mitigate things somewhat.
If regular users were commonly aware of what browser plugins they actually need, and knew how to go through the list and disable the ones they actually didn't need, that would mitigate things somewhat.